Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 27th, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Last Updated
Attachment: Fake lawyer & sports agent identities
Sublime Security
2mo ago
Jan 26th, 2026
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Exif analysis
File analysis
Optical Character Recognition
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Exif analysis
File analysis
Optical Character Recognition
Google share notification with suspicious comments
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Impersonation: VIP
Free file host
HTML analysis
Header analysis
Sender analysis
Content analysis
Credential Phishing
Impersonation: VIP
Free file host
HTML analysis
Header analysis
Sender analysis
Content analysis
Impersonation: Executive using numbered local part
Sublime Security
1mo ago
Jan 30th, 2026
BEC/Fraud
Free email provider
Impersonation: VIP
Social engineering
Header analysis
Sender analysis
BEC/Fraud
Free email provider
Impersonation: VIP
Social engineering
Header analysis
Sender analysis
Service Abuse: Box file sharing with credential phishing intent
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Impersonation: Employee
Impersonation: VIP
Content analysis
Natural Language Understanding
Sender analysis
Header analysis
Credential Phishing
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Impersonation: Employee
Impersonation: VIP
Content analysis
Natural Language Understanding
Sender analysis
Header analysis
Service abuse: Trello board invitation with VIP impersonation
Sublime Security
1mo ago
Feb 3rd, 2026
Credential Phishing
Impersonation: VIP
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
Credential Phishing
Impersonation: VIP
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
Suspicious attachment with unscannable Cloudflare link
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Evasion
PDF
Social engineering
Impersonation: Employee
Impersonation: VIP
File analysis
URL analysis
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
Credential Phishing
Evasion
PDF
Social engineering
Impersonation: Employee
Impersonation: VIP
File analysis
URL analysis
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
Suspicious request for financial information
Sublime Security
3mo ago
Dec 6th, 2025
BEC/Fraud
Free email provider
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Free email provider
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Sender analysis
VIP / Executive impersonation in subject (untrusted)
Sublime Security
7mo ago
Aug 14th, 2025
BEC/Fraud
Impersonation: VIP
Header analysis
Sender analysis
BEC/Fraud
Impersonation: VIP
Header analysis
Sender analysis
VIP / Executive impersonation (strict match, untrusted)
Sublime Security
1mo ago
Feb 25th, 2026
BEC/Fraud
Impersonation: VIP
Header analysis
Sender analysis
BEC/Fraud
Impersonation: VIP
Header analysis
Sender analysis
VIP impersonation: Fake thread with display name match, email mismatch
Sublime Security
2mo ago
Jan 12th, 2026
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
VIP impersonation with BEC language (near match, untrusted sender)
Sublime Security
5d ago
Mar 25th, 2026
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
VIP impersonation with charitable donation fraud
Sublime Security
4mo ago
Nov 12th, 2025
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
VIP impersonation with invoicing request
Sublime Security
2y ago
Apr 23rd, 2024
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
VIP impersonation with urgent request (strict match, untrusted sender)
Sublime Security
5d ago
Mar 25th, 2026
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Content analysis
Natural Language Understanding
Sender analysis
VIP impersonation with w2 request with reply-to mismatch
Sublime Security
18d ago
Mar 12th, 2026
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
VIP local_part impersonation from unsolicited sender
Sublime Security
7mo ago
Aug 12th, 2025
Impersonation: VIP
Spoofing
Header analysis
Sender analysis
Impersonation: VIP
Spoofing
Header analysis
Sender analysis
16 Rules